package com.daona.security.service;

import com.daona.security.token.TokenRepository;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.stereotype.Service;

/**
 * 退出登录的请求路径: /api/v1/auth/logout.当我们请求请求这个路径的时候,
 * security会帮我们找到对应的LogoutHandler,然后调用logout方法实现退出登录.
 */
@Service
@RequiredArgsConstructor
public class LogoutService implements LogoutHandler {

  private final TokenRepository tokenRepository;

  @Override
  public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
    //从请求头中获取鉴权信息
    final String authHeader = request.getHeader("Authorization");
    final String jwt;
    if (authHeader == null || !authHeader.startsWith("Bearer ")) {
      return;
    }
    //接续出token
    jwt = authHeader.substring(7);
    //从数据库中查询出token信息
    var storedToken = tokenRepository.findByToken(jwt).orElse(null);
    if (storedToken != null) {

      //设置token过期
      storedToken.setExpired(true);
      storedToken.setRevoked(true);
      tokenRepository.save(storedToken);
      //清除SecurityContextHolder上下文
      SecurityContextHolder.clearContext();
    }
  }
}
